Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

System and method for protecting against dictionary attacks on password-protected TPM keys

a dictionary attack and password-protected technology, applied in the field of system and method for protecting against dictionary attacks on password-protected tpm keys, can solve the problems of unable to keep backup copies of keys, keys are rendered useless, and keys must be regenerated

Inactive Publication Date: 2007-01-18
IBM CORP
View PDF3 Cites 68 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Computer users wishing to implement a security solution are constantly faced with the tradeoff between convenience and security, because more security generally means more difficulty in using a system.
While this offers security because the keys are useless to a hacker who might attempt to crack the keys for use on another system, it also requires that no backup copies of the keys can be kept.
As understood herein, this has the inconvenient drawback that if the user's motherboard is replaced pursuant to, e.g., a hardware failure, the keys are rendered worthless and new keys must be regenerated, a costly penalty to customers who have paid for digital certificates.
Also, any security credentials protected with the keys, such as stored passwords and encrypted files, would no longer be accessible.
Specifically, the presence of an administrator inconveniently is required for key restoration, and, if the master key is ever lost or compromised, the integrity of all keys in the environment likewise is compromised.
Alternatively using bare passwords to protect copies of the keys similarly is less than optimal, because passwords are susceptible to being defeated by dictionary attacks.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and method for protecting against dictionary attacks on password-protected TPM keys
  • System and method for protecting against dictionary attacks on password-protected TPM keys
  • System and method for protecting against dictionary attacks on password-protected TPM keys

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0014] Referring initially to FIG. 1, a high-level block diagram of a data processing system, generally designated 10, is shown in which the present invention may be implemented. The system 10 in one non-limiting embodiment is a personal computer or laptop computer, and can function as the below-described recording computer and / or reading computer. The system 10 includes a processor 12, which may be, without limitation, a PowerPC processor available from International Business Machines Corporation of Armonk, N.Y. (or other processors made by, e.g., Intel or AMD and common to the industry). The system 10 may also include a trusted platform module (TPM) 13 that may be implemented by a chip, for providing security functions in accordance with TPM principles known in the art, including the encryption, using a security key, data to be stored in the system 10.

[0015] The processor 12 and TPM 13 may be connected to a processor bus 14, and a cache 16, which is used to stage data to and from...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A computer system that may include a trusted platform module (TPM) along with a processor hashes a user-supplied password for a predetermined time period that is selected to render infeasible a dictionary attack on the password. The results of the hash are used to render an AES key, which is used to encrypt an RSA key. The encrypted RSA key along with the total number of hash cycles that were used is stored and the RSA key is provided to the TPM as a security key. In the event that the RSA key in the TPM must be recovered, the encrypted stored version is decrypted with an AES key that is generated based on the user inputting the same password and hashing the password for the stored number of cycles.

Description

I. FIELD OF THE INVENTION [0001] The present invention relates generally to securely storing backup encryption keys. II. BACKGROUND OF THE INVENTION [0002] Computer users wishing to implement a security solution are constantly faced with the tradeoff between convenience and security, because more security generally means more difficulty in using a system. A solution based on a Trusted Platform Module (TPM), or security chip, must contend with this tradeoff. [0003] In the case of a TPM, the most secure usage of keys generated for use with the TPM would involve generating the keys within the TPM chip, and not allowing the keys to migrate to other systems. While this offers security because the keys are useless to a hacker who might attempt to crack the keys for use on another system, it also requires that no backup copies of the keys can be kept. As understood herein, this has the inconvenient drawback that if the user's motherboard is replaced pursuant to, e.g., a hardware failure, t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(United States)
IPC IPC(8): H04L9/00
CPCH04L9/0643H04L2209/127H04L9/0897H04L9/0863H04L9/002H04L9/0822
Inventor RIVERA, DAVIDCHALLENER, DAVID CARROLLHOFF, JAMES PATRICK
Owner IBM CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com